- Verifies transparent retry and JWT rotation on 401 with code 11
- Verifies no retry for 401 with non-JWT error code
- Verifies current session appears on sessions settings page
- Increases rate limit for e2e test API to prevent 429 errors
Uploads two different avatars in sequence and verifies the header
avatar src changes after the second upload. This confirms both the
backend cache (via DelPrefix) and the frontend cache are properly
invalidated when a new avatar is uploaded.
This allows external integrations to link directly to the API token creation page with pre-selected title and permission scopes. URLs can now use `?title=Name&scopes=group:perm,group:perm` format to pre-populate the form.
Example URL:
```
/user/settings/api-tokens?title=My%20Integration&scopes=tasks:create,tasks:delete,projects:read_all
```
- Re-enable 16 previously skipped Playwright E2E tests that now pass
- Fix test setup issues that were causing flakiness
## Changes
- **task/task.spec.ts** (8 tests): kanban navigation, description
editing, assignees, labels, due dates
- **task/overview.spec.ts** (4 tests): task ordering, due date handling
- **user/settings.spec.ts** (2 tests): avatar upload, name update
- **user/login.spec.ts** (2 tests): bad password error, redirect after
login
## Key fixes
- Kanban view tests now properly create `TaskBucket` entries so tasks
appear in the kanban board
- Avatar upload test uses the API directly to avoid `canvas.toBlob()`
issues in headless browser environments
- Login redirect test no longer uses the shared `login()` helper that
expected redirect to `/`